CVE-2004-0396

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2004-0396
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2004-06-14 04:00:00 UTC
Updated2017-10-11 01:29:00 UTC
DescriptionHeap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Cvs Cvs 1.11 All All All
Application Cvs Cvs 1.12 All All All
Application Cvs Cvs 1.11 All All All
Application Cvs Cvs 1.12 All All All

References

ReferenceSourceLinkTags
Gentoo Linux Documentation -- CVS heap overflow vulnerability GENTOO security.gentoo.org
Secunia - Advisories - FreeBSD update for cvs SECUNIA secunia.com
US-CERT Technical Cyber Security Alert TA04-147A -- CVS Heap Overflow Vulnerability CERT www.us-cert.gov US Government Resource
Secunia - Advisories - CVS Entry Line Heap Overflow Vulnerability SECUNIA secunia.com
[Full-Disclosure] SUSE Security Announcement: cvs (SuSE-SA:2004:013) SUSE lists.grok.org.uk
CVS Malformed Entry Modified and Unchanged Flag Insertion Heap Overflow Vulnerability BID www.securityfocus.com
Repository / Oval Repository OVAL oval.cisecurity.org
US-CERT Vulnerability Note VU#192038 CERT-VN www.kb.cert.org Patch, Third Party Advisory, US Government Resource
'[FLSA-2004:1620] Updated cvs resolves security vulnerabilities' - MARC FEDORA marc.info
Debian -- Security Information -- DSA-505-1 cvs DEBIAN www.debian.org Patch, Vendor Advisory
e-matters : SECURITY MISC security.e-matters.de
Advisories - Mandriva MANDRAKE www.mandriva.com
IBM X-Force Exchange XF exchange.xforce.ibmcloud.com
Secunia - Advisories - Debian update for cvs SECUNIA secunia.com
'cvs server buffer overflow vulnerability' - MARC OPENBSD marc.info
FreeBSD-SA-04:10 FREEBSD ftp.freebsd.org
Secunia - Advisories - Red Hat update for cvs SECUNIA secunia.com
Neohapsis Archives - Full Disclosure List - #0980 - [Full-Disclosure] Advisory 07/2004: CVS remote vulnerability FULLDISC archives.neohapsis.com
Advisory 07/2004: CVS remote vulnerability BUGTRAQ cert.uni-stuttgart.de
6305 OSVDB www.osvdb.org
NetBSD-SA2004-008 NETBSD ftp.NetBSD.org
Secunia - Advisories - Gentoo update for CVS SECUNIA secunia.com
Repository / Oval Repository OVAL oval.cisecurity.org
redhat.com | Red Hat Support REDHAT www.redhat.com Patch, Vendor Advisory
'Advisory 07/2004: CVS remote vulnerability' - MARC BUGTRAQ marc.info
The Slackware Linux Project: Slackware Security Advisories SLACKWARE www.slackware.com
O-147: Linux CVS Server Heap Overflow Vulnerability CIAC www.ciac.org
'[OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)' - MARC BUGTRAQ marc.info
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report